Online Security

Protecting you and your information is paramount to Student Finance England. We have partnered with ‘Get Safe Online’ to promote online safety and security.

www.getsafeonline.org has useful information, and helpful advice about online safety.

Phishing guide (PDF - opens in a new window) - read a PDF guide to fraudulent emails and fake websites

Top Five Tips to Avoid Phishing

1. Be suspicious of any urgent requests for personal or financial information.

2. Be aware: Phishing scams are common at the three main instalment payment dates in September, January and April.

3. Always ensure that you're using a secure web site when submitting credit card or other sensitive information; look out for "https://" and/or the security lock.

4. Prevention: Your email details may have been taken from a social networking site so avoid disclosing your email address or make sure you hide it on your page.

5. Check the quality of the communication. Misspelling, poor punctuation and bad grammar are often tell-tale signs of phishing.

Received a phishing email or been caught out?

If you receive a suspicious email forward the email to our Security Team who will investigate and shut down any sites to help protect other students. Please note that we cannot respond to all emails sent to this address.

If you have responded to a phishing e-mail and given your details you should change your account password and forward the email to phishing@slc.co.uk to alert us as soon as possible. If your account has been compromised, we will investigate the incident.

The Student Loans Company will:

Never ask you to update your bank details.

Never ask you to verify your account details

Never ask you to click a link always type the address yourself: www.direct.gov.uk/studentfinance

Never ask you to answer combinations on the same screen i.e. Your Customer Reference Number and Password on the same screen.

Never provide you with a choice of secret question. We will only ever ask you the question you gave us.

Never ask you to update items such as date of birth or provide your email address password.

Passwords and Secret Answers

When you register on Student Finance England we provide you with security details; a user name- ‘Customer Reference Number’ (formerly known as ART ID), a password and a secret answer. When you first log in you will need to change your password.

You can change your password and secret answer at any time by using our online service.

Always, choose a password and secret answer that you will remember, but will not be easily guessed by anyone else.

‘Phishing’

We will never email you asking you to confirm your login details or your bank account details. If you receive an email that appears to be from us and asks you to visit our site and confirm your details then it is probably a 'phishing' email.

Phishing is a fraudulent activity designed to trick you in to giving out your login details, fraudsters can then use this information to log in to your account and steal information.

If you receive an email like this then you should forward it to phishing@slc.co.uk and by letting us know you have received one we can work to help protect you and others who may be affected. Please note that you will not receive any replies from this email. If you have further queries you should contact us

If you think that someone might have guessed or found your login details, or you have disclosed them after a phishing email, you can use our online password reset service to change your details.

Cookies

Cookies are small files that are often created when you visit a website, which are stored in the cookies directory of your computer. A cookie is created on your computer when you visit Student Finance England and you need to accept this cookie if asked.

The cookie we use is only valid when you are logged in to our site. It expires when you log out and close your browser and it contains no information personal to you.

We do not use ‘tracking cookies’, used to track usage or return visits to a website, on our site.

Safely accessing our service

The Student Finance England website is designed to ensure that when you access your account or send us information it is secure.

When you log in and access your online account, you are protected by a secure encrypted session. You will see the web address starting “https” rather than just “http” and a small padlock icon in the status bar at the bottom of your browser window.

Always log out of our site when you have finished using it, and close the browser window. This ensures that your user session is closed properly.

We recommend that when you visit Student Finance England that you type the www.direct.gov.uk/studentfinance address into your browser. This ensures you are going to the correct site and not a spoof or fraudulent site.

Protecting Your Computer

Update your Operating system

Regularly check that your computer’s operating system and the running software on it is up to date.

Most operating systems have an update facility which will automatically update their software on your computer.

For other software packages or programs you use, visit the manufacturer’s website for available updates.

Install an Anti-Virus Scanner

A good anti-virus scanner will check incoming emails and files you open.

New viruses are discovered daily by anti-virus makers so it is important that you update the ‘definition files’ (the list of viruses the scanner knows about) every 2 or 3 days.

Install a Firewall

A firewall is an essential barrier between your computer and the internet, preventing anyone connecting to your computer without your permission.

Most current computer operating systems, such as Mac OS X, Windows XP or Vista, have inbuilt firewalls. There are firewall products that can be downloaded from the internet. Make sure that your computer’s firewall is active.

Beware of Viruses, spyware and malware

Any computer connected to the internet may be vulnerable to viruses, malware or spyware.

Viruses come in many forms; attached to emails, contained in innocent looking programs or spread by infected websites.

Viruses try to either damage your computer by removing important files or altering data, or to collect information about you and send it on to an unauthorised third party. Viruses may try to spread themselves by attempting to send themselves to your email contacts or other users of file-sharing sites.